Posted by Erin Karatkiewicz | March 4, 2015
Microsoft Dynamics CRM Security has many layers, and can get awfully sticky if you’re not careful. We start off many of our Security Role discussions by saying it’s a good GREAT idea to save the out-of-the-box Security Roles provided by CRM and copy these roles to make your changes, or make new roles altogether. This is a safety net so if your changes get the best of you and you can’t quite find your way out of the visibility, append/ append-to, or any other scenario – you have a reset or referenceable option. I so value this tip that I will add it to every post I write on the topic.
All that said, Custom Entities have no access allowed for any Security Role or user upon initial creation. This is all managed within the Security Role option. You could certainly open every Security role you’re using for each user and add the appropriate options for the custom entity or you can approach this by creating a new Security Role for that custom entity. This may be too much if you have a myriad of custom entities, but can be helpful and I use it regularly. Say we have a Custom Entity called Airplane. In a Security Role (under the Custom Entities tab) it would appear initially as below for our OOTB Sales Manager role.
If all users should have access to this entity, rather than adding access at the user level for all used Security Roles, you can create a new Security Role (in this case adding a new role is appropriate since we’re only dealing with one custom entity) and allow appropriate options to allow them access (they use the key at the bottom of the window as a guide).
Now rather than opening every Security role that may need this similar access, you can simply select all the users applicable, then use “Manage Roles” to add this role.
In some cases, you may have two levels of access for a Custom entity, which is as simple as creating something like “Custom Entity- Airplane Exec”. Of course since Microsoft allows us several ways to do things, perhaps it makes sense to only allow one Security Role executive privileges, so you might go ahead and add that custom entity’s privileges for Executives to just the one executive role, while using the new Custom Role to all other relevant users. Again, there are many ways to build your Security in Dynamics CRM to meet your needs. (Org charts come in handy for building more complicated security) This can be one more streamlined way to control access to an entity without changing every role you’re using. If you have any security questions, please let us know! Crmadminassist@xrmcubed.com.
We have several other posts on Security to help understand all of those layers and I’ve listed them below to make it easier for you.
By Erin Karatkiewicz, Applications Consultant, with xRM3, a Microsoft Partner specializing in Dynamics CRM consulting, implementation, integration, and administrative services. Based in San Diego County Southern California.